с, 


2/F Berkeley Square House 
Berkeley Square 

London 

W1J 6BD 

+44 (0)20 7887 1480 
Wwww.ecogra.org 


11 November 2013 


BENCHMARKING STUDY OF SWEDISH RESPONSIBLE GAMBLING REQUIREMENTS AGAINST THE CEN 
WORKSHOP AGREEMENT 16259:2011 FOR RESPONSIBLE REMOTE GAMBLING MEASURES 


In accordance with our Letter of Engagement dated 22 October 2013, eGaming Compliance Services Limited, 
trading as ‘eCOGRA’, was appointed by Branschforeningen för OnlineSpel (‘BOS’) to perform a benchmarking 
study of Swedish government responsible gambling requirements and the Swedish organisation SPER’s 
Standard on Gambling Responsibility (the ‘Swedish Requirements’) against the CEN Workshop Agreement 
16259:2011 for Responsible Remote Gambling Measures (the ‘CWA’). 


BOS commissioned the benchmarking study for November 2013 and the enclosed report provides the 
results of the study, and highlights the findings where the CWA Measures are only partially addressed or 
not addressed by the Swedish Requirements, and those Swedish Requirements that BOS Members should 
further investigate and potentially implement. 


The findings included in this report are those that could be assessed through the translations of Swedish 
Requirements provided by BOS. Due to the inherent limitations of performing work in this manner, the 
results of the benchmarking study are dependent on the completeness and accuracy of information 
provided. As a result this report may not highlight all possible discrepancies. 


This report is supplied on the basis that it is for the sole use of the parties listed and to whom it is 
addressed, and exclusively for the objectives set out herein. No party, other than those specified, may rely 
upon this report for any purpose whatsoever. eCOGRA does not accept any liability or responsibility 
towards any third party to whom this report is shown or into whose hands it may fall. 


We would like to take this opportunity to thank the various members of your staff, for their co-operation 
and assistance during the course of the review. Please feel free to contact myself on +44 (0)7866 777772 
should you have any questions or require further discussion or explanation with regards to any of the 
findings raised in this report. 


Yours sincerely, 


(4 Ue. O 
A 


Tex Rees 
Executive Director, eCOGRA 
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1. INTRODUCTION 


Established in 2003, eCOGRA is a London-based internationally accredited testing agency and player protection and standards organisation that provides an international framework for 
best operational practice requirements, with particular emphasis on fair and responsible gambling. 


eCOGRA is currently approved as an online gambling testing laboratory in the United Kingdom, Alderney, Italy, Spain, Denmark and various other jurisdictions offering online gambling 
licences. The organisation has been awarded the United Kingdom Accreditation Service (UKAS) ISO approval ISO/IEC 17025:2005: General Requirements for the competence of testing 
and calibration laboratories. 


In October 2013, eCOGRA was appointed by BOS to perform a benchmarking study of the Swedish Requirements against the CWA Measures. 
The following documents were used for the study: 


The Department of Finance: The Change of Conditions in Svenska Spel’s Lottery license, The Government Decision 112 

The Department of Finance: The Change of Conditions in Svenska Spel’s license on Arranging Casino Games According to the Casino Law, The Government Decision 114 
The Department of Finance: The Change of Conditions in Svenska Spel’s license to Arranging Online Poker, The Government Decision 115 

The Department of Finance: The Change of Conditions in Svenska Spel’s license to Arranging Gambling with Gambling Machines, The Government Decision 116 

The Swedish Gambling Authorities’ Injunctions on Gambling Consequences Analysis - 20 August 2013 

Specific Conditions Regarding AB Svenska Spel’s Products Distributed via Electromagnetic Waves 

The Association SPER’s Standard on Gambling Responsibility - April 2013 

The Association SPER’s Guidelines on Bonuses — September 2013 


69 MoD oe wP oe 


Background to the CWA 


CEN is the European Committee for Standardisation, one of three European Standardisation Organisations officially recognised by the EU (www.cen.eu). CEN draws up voluntary 
technical specifications, such as a CEN Workshop Agreement, to help facilitate a single market for European industry and consumers across its members in 31 European countries. 
http://www.eesc.europa.eu/self-and- 

coregulation/documents/codes/private/143%20MARKT%202011%20CEN%20Responsible%20Remote%20Gambling%20Measures_ Workshop%20Agreement_final_16259-2011.pdf 





The Workshop Agreement “Responsible Remote Gambling Measures” is a set of 134 practical measures aimed at safeguarding a high level of consumer protection and ensuring that 
remote gambling operators behave responsibly in the European Union. 
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1. INTRODUCTION 
It was published in February 2011 by CEN, the European Committee for Standardization, one of three European Standardization Organizations officially recognised by the EU, with 
members across 31 European countries. 


CEN Workshop Agreements (CWA) are self-regulatory agreements that function as effective complements to existing national and EU regulation. The current CWA also informs policy 
makers of the standards required to maintain a responsible, safe and secure remote gambling environment. The CWA at hand concerns remote gambling; land-based gambling is not 
included in its scope. 


The work was proposed and undertaken by a wide range of experts and stakeholders involved in different aspects of online gambling. It was formally launched in May 2010, with over 25 
registered participating stakeholders. The CWA is based on more than 600 specific contributions submitted by participants, and was open to public consultation over a three-month 
period 


To ensure the proper protection of the customer on as many levels of gambling as possible, the CWA defines 9 Control Objectives. For the effective implementation of each Control 
Objective, a series of detailed Measures are laid down. The 9 Control Objectives are: 


1. The protection of vulnerable customers 
Тһе objective is to combat problem gambling and to ensure that gambling takes place in a responsible environment. 
• Тһе 21 Measures include clear and accessible customer information and the ability for players to impose deposit limits, self-exclusion or cooling-off periods. 
2. The prevention of underage gambling 
Тһе objective is to provide practical and effective means of preventing underage individuals from accessing remote gambling products. 
• Тһе 14 Measures include operator and third-party age and ID verification as well as the use of filtering programs. 
3. Combating fraudulent and criminal behaviour 
Тһе objective is to protect customers and operators from fraud and criminal behaviour. 
• Тһе 16 Measures include the implementation and enforcement of strict security measures and the reporting of any suspected transactions to the authorities. 
е They serve as a complement to the provisions of the 3rd anti-Money Laundering Directive (Directive 2005/60/ЕС). 
4. Protection of customer privacy and safeguarding of information 





Тһе objective is to ensure that privacy and confidentiality of customer information is secured. 
• Тһе 6 Measures include the secure storage of credit card details and a confidentiality clause in employment contracts prohibiting the unauthorised disclosure of information. 
• Тһе measures аге in compliance with the Directive on Data Protection (Directive 95/46/EC) and the e-Privacy Directive (Directive 2009/136/EC) as applicable. 

5. Prompt and accurate customer payments 





Тһе objective is to secure that payments to customers are prompt and accurate. 
“Тһе 11 Measures include the logging of all information regarding receipts and payments and the use of appropriate checks and verification. 
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1. 


2. 


INTRODUCTION 


6. Fair gaming 
Тһе objective is to ensure that all gambling products offered to customers are fair. 
e Тһе 22 Measures include proper procedures for ensuring games are random and fair, and identifying suspicious sports betting transactions and patterns which might pose a 
threat to the integrity of sporting competitions. 

7. Responsible marketing 
Тһе objective is to provide assurance that advertisements contain factually correct information and are neither false nor misleading. 
• Тһе 10 Measures include ensuring advertising is not aimed at underage individuals and does not suggest gambling is a means of solving financial difficulties. 

8. Commitment to customer satisfaction and support 
e Тһе objective is to provide assurance that customers are provided with an enjoyable gaming experience and that possible complaints сап be logged at all times and аге 
properly handled. 
• Тһе 7 Measures include procedures for the proper handling of customer complaints and the availability of third-party mediation. 

9. Secure, safe and reliable operating environment 
Тһе objective is to ensure that gambling products are provided in a secure, safe and reliable operating environment. 
e Тһе 27 Measures include risk-based internal and external security reviews that should be conducted at least annually ог in the event of material changes as well as regular 
training and awareness programmes for compliance personnel. 

OBJECTIVES AND SCOPE 


The objective of this benchmarking study is to determine if the Swedish Requirements: 


Fully Addressed the requirements of the CWA; 

Partially Addressed the requirements of the CWA; 

Do Not Address the requirements of the CWA; or 

Identify Responsible Gambling policies and procedures in the Swedish Requirements that are not contained in the CWA. 





By comparing the CWA Measures against the Swedish Requirements, this study is an empirical exercise that attempts to provide fact based evidence about the levels of consumer 
protection offered by private EU regulated operators and the Swedish regulated operator. ‘The Swedish Requirements’ include regulations set forth by licensing/supervisory bodies and 
by external organisations or procedures, but not by trade associations in forms of codes of conduct or binding statutes. 


The scope of the study covers the CWA Measures grouped under 9 different Control Objectives and the eight translated Swedish Requirements documents. It does not include 
information that may be contained in the Terms and Conditions of the Swedish regulated operator. 
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3. | METHODOLOGY AND APPROACH 
In order to achieve the objectives of the benchmarking study, we reviewed and compared the Swedish Requirements against the CWA Measures. 


The results of the comparative analysis performed between the Swedish Requirements and the CWA Measures are enclosed, with the CWA Measures used as the primary base. Where a 
direct correlation between a CWA Measure and a Swedish Requirement was identified, the respective Requirement and Measure was mapped accordingly and the direct correlation was 
marked as ”Fully Addressed” for the purposes of the comparison. For those requirements where a correlation was identified but notable differences exist in the nature or extent of the 
Swedish Requirement versus the CWA Measure, the correlation was marked as ”Partially Addressed” for the purposes of the comparison. CWA Measures for which no equivalent or 
similar Swedish Requirements were identified, were highlighted as such and marked as ”Not Addressed”. Furthermore, we have included an evaluation of the Swedish specific 
requirements that are not addressed within the CWA Measures. 


It is important to note that certain Swedish Requirements that are not addressed within the CWA Measures are aimed at a land-based gambling environment ог the licensing of the 
single operator (Svenska Spel). Swedish Requirements of this nature have been intentionally excluded for the purposes of this benchmarking study. 


4. SUMMARY OF FINDINGS 
Table 1. below provides a summary of the results of our findings for the various CWA Measures according to each CWA Control Objective that was assessed. 


Table 1. 
Number of CWA Measures Number of CWA Number of CWA Total Number of CWA 
Fully Addressed by Swedish Measures Partially Measures Not Measures 
Requirements Addressed by Swedish | Addressed by Swedish 
Requirements Requirements 


. The protection of vulnerable customers 

. The prevention of underage gambling 

. Combating fraudulent and criminal behaviour 

. Protection of customer privacy and safeguarding of information 
. Prompt and accurate customer payments 

. Fair gaming 

. Responsible marketing 

. Commitment to customer satisfaction and support 

. Secure, safe and reliable operating environment 
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Diagram 1. below illustrates the total percentage of Swedish Requirements that fully address, partially address or do not address the CWA Measures. When the results across all CWA 


Control Objectives are totalled for а// CWA Measures, the results indicate that 35% of Swedish Requirements fully address the CWA Measures, 21% of Swedish Requirements partially 
address the CWA Measures and 44% do not address the CWA Measures. 














Diagram 1. 
Е 


Summary of CWA Measures Mapped Against Swedish Requirements 








E Number of CWA Measures Addressed by Swedish 
Requirements 


E Number of CWA Measures Partially Addressed by 
Swedish Requirements 


= Number of CWA Measures Not Addressed by 
Swedish Requirements 
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Diagram 2. below illustrates the summary of the CWA Measures mapped against Swedish Requirements by CWA Control Objective. 





Diagram 2. 





Summary of CWA Measures Mapped Against Swedish Requirements 
by CWA Objective 














criminal 
behaviour 
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Diagram 3. below illustrates a comparison of the first CWA Control Objective ‘The protection of | When the results across the CWA Control Objective ‘The protection of vulnerable 





vulnerable customers’. customers’ are totalled this indicates that 86% of CWA Measures are fully addressed 
Diagram 3. by the Swedish Requirements. 14% of CWA Measures are not addressed at all by 
1. The protection of vulnerable customers the Swedish Requirements. 


The first CWA Control Objective contains 22 Measures that deal with the protection 
of vulnerable customers. The following Measures were not addressed: 


m Number of CWA Measures Addressed by Swedish e 1.08 Customers should be provided with reliable and remote access to 


вечната their account history dating back for а minimum period of 60 days, and 
m Number of CWA Measures Partially Addressed by 
Swedish Requirements 
m Number of CWA Measures Мааа | deposits, withdrawals, wagers, wins, losses, fees and bonuses. 
Swedish Requirements 


offline access dating back for a minimum period of 6 months, including all 


e 1.09 Free play games websites should provide links to the same age 
restriction, responsible gambling, and customer protection information as 
the real money sites, but need not be subject to the same verification 
process. 





е 1.10 Multiple language websites should provide all information concerning 
age limits, responsible gambling, and customer protection in the relevant 
languages. 
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Diagram 4. below illustrates a comparison of the second CWA Control Objective ‘The 
prevention of underage gambling’. 

Diagram 4. 
F 7 E = а парчи | 
2. The prevention of underage gambling 





ШЕ Number of CWA Measures Addressed by Swedish 
Requirements 


m Number of CWA Measures Partially Addressed by 
Swedish Requirements 


Е Number of CWA Measures Not Addressed by 
Swedish Requirements 























When the results across the CWA Control Objective ‘The prevention of underage gambling’ 
are totalled the results indicate that 100% of CWA Measures are fully addressed by the 
Swedish Requirements. 


The second CWA Control Objective contains 14 Measures that deal with the prevention of 
underage gambling, covering the following areas: 


e Links and information 

e Registration and verification 

e Free play sites 

е Dealing with identified underage customers 
e General 
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Diagram 5. below illustrates a comparison of the third CWA Control Objective ‘Combating 
fraudulent and criminal behaviour’. 


Diagram 5. 


3. Combating fraudulent and criminal behaviour 


и Number of CWA Measures Addressed by Swedish 
Requirements 


m Number of CWA Measures Partially Addressed by 
Swedish Requirements 


= Number of CWA Measures Not Addressed by 
Swedish Requirements 





When the results across the CWA Control Objective ‘Combating fraudulent and criminal 
behaviour’ are totalled the results indicate that 100% of CWA Measures are partially 
addressed by the Swedish Requirements. 


The Association SPER’s Standards, Principles and Guidelines for Responsible Gambling has 
a single requirement that states: 


e 1.4 should through their work aim to prevent criminal actions and contribute to 
prevent money laundering; 


The third CWA Control Objective breaks this down into 17 Measures that deal with 
combating fraudulent and criminal behaviour covering the following areas: 


e Тһе EU Third Money Laundering Directive 

е Responsibility and ownership (AML policies and procedures) 
e Account funding and transfers 

e Detecting and reporting of criminal and suspicious behaviour 
e Record retention 
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Diagram 6. below illustrates a comparison of the fourth CWA Control Objective ‘Protection of When the results across the CWA Control Objective ‘Protection of customer privacy and 
customer privacy and safeguarding of information’. safeguarding of information’ are totalled this indicates that 100% of the CWA Measures 
are not addressed at all by the Swedish Requirements. 


Diagram 6. 


4. Protection of customer privacy and safeguarding of information 





The fourth CWA Control Objective contains 7 Measures that deal with the protection of 


customer privacy and safeguarding of information. The following Measures were not 


m Number of CWA Measures Addressed by Swedish 
Requirements 


m Number of CWA Measures Partially Addressed by 
Swedish Requirements 


E Number of CWA Measures Not Addressed by 
Swedish Requirements 


100% 





addressed in the Swedish Requirements: 


4.01 Confidential customer information submitted at any point in time should be 
protected from unauthorised or unnecessary disclosure in line with the EU 
Directives on Data Protection and e-Privacy. 

4.02 The operator’s privacy policy should state the minimum information that is 
required to be collected, the purpose for information collection, the conditions 
under which information may be disclosed and the controls in place to prevent 
the unauthorised or unnecessary disclosure of the information. 

4.03 Multiple language websites should display the operator’s privacy policy in 
the relevant languages. 

4.04 Terms and conditions that require acceptance from customers during 
registration should clearly state the operator’s privacy policy. Customer consent 
of the terms and conditions is required prior to successful registration. 

4.05 Customer credit card numbers stored on the system should be secured from 
unauthorised use. 

4.06 The operator should take all reasonable steps to ensure that any 
information supplied by customers is kept up to date and that customers are 
provided access to their confidential information. 

4.07 Director, officer and employee contracts should contain a “confidentiality” 
clause prohibiting the unauthorised or unnecessary disclosure of customer 
information. 
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Diagram 7. below illustrates a comparison of the fifth CWA Control Objective ‘Prompt 
and accurate customer payments’. 


Diagram 7. 


5. Prompt and accurate customer payments 


в Number of CWA Measures Addressed by Swedish 
Requirements 


m Number of CWA Measures Partially Addressed by 
Swedish Requirements 


E Number of CWA Measures Not Addressed by 
Swedish Requirements 





When the results across the CWA Control Objective ‘Prompt and accurate customer payments’ 
is totalled the results indicate that 100% of CWA Measures are not addressed at all by the 
Swedish Requirements. 


The fifth CWA Control Objective contains 12 Measures that deal with prompt and accurate 


customer payments. The following measures were not addressed: 


5.01 Registration, deposit and withdrawal procedures and conditions should comply 
with the EU Distance Selling Directive where applicable and be clearly communicated 
to customers. 

5.02 The operator’s website terms and conditions should state that only customers 
legally permitted by their respective jurisdiction can participate in gambling activities. 
5.03 Payments to and from customers should be conducted according to a formal 
documented process. 

5.04 The detection and correction of timeout receipts should be conducted in 
accordance with a formal documented process. 

5.05 Operators should ensure prompt and accurate processing of payments subject to 
appropriate and necessary checks and verifications. 

5.06 All information regarding receipts and payments should be logged and retained 
by the applicable parties. 

5.07 Financial reconciliations performed for payments and receipts should be 
reviewed and approved. 

5.08 Customer account related queries should be promptly addressed. 

5.09 The locking of customer accounts should be conducted through a formal 
documented process. 

5.10 Any uncontested funds left in an account, previously de-activated by the 
operator, should be remitted to the owner of the funds, upon request and subject to 
published terms and conditions. 

5.11 The operator’s liability for customer balances, pending cash-ins and guaranteed 
prizes should be separately identifiable at any point in time, and operators should 
demonstrate sufficient cash and cash equivalents to pay these balances. 

5.12 If the operator adopts a policy of clearing inactive customer accounts, then 
customers should be informed prior to clearing of the account, and this policy should 
be clearly stated in the operator’s terms and conditions. 
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Diagram 8. below illustrates a comparison of the sixth CWA Control Objective ‘Fair When the results across the CWA Control Objective ‘Fair Gaming’ are totalled the results 








gaming’. indicate that 4% of CWA Measures are fully addressed by the Swedish Requirements, 33% of 
CWA Measures are partially addressed by the Swedish Requirements and 63% of CWA 
Diagram 8. Measures are not addressed at all by the Swedish Requirements. 
6. Fair gaming 


The sixth CWA Control Objective contains 24 Measures that deal with fair gaming, the 


m Number of CWA Measures Addressed by Swedish 
Requirements 


E Number of CWA Measures Partially Addressed by 
Swedish Requirements 


Е Number of CWA Measures Not Addressed by 
Swedish Requirements 





following Measures were partially addressed or not addressed at all: 


6.01 Operators should implement a product testing policy, approved and supported 
by its senior management, which will provide for the testing of all products for 
fairness and randomness. 
6.02 The policy should make provision for the internal and external testing of product 
fairness and randomness. 
6.03 Testing of fairness and randomness of products should be conducted prior to, 
and subsequent to the operation of the games and/or betting products. 
6.04 All major changes should be individually tested and a system-wide regression 
test should be completed at least annually. 
6.05 Payout percentage reviews should be conducted on a regular basis to verify the 
actual return to the customer against the theoretical/estimated return. 
6.06 The financial data log files should be reconciled to movements on the operator / 
customer accounts to ensure accuracy and completeness of data used in output- 
based payout percentage and RNG testing. 
6.07 The theoretical statistical return percentage for a particular game type should be 
no less than that of the equivalent game in free play mode. 
6.09 The output obtained through the use of the random number generator (“RNG”) 
in games should be proven to be: 

о Statistically independent 

о Uniformly distributed over their range 
6.11 "Near-miss" game results should not be falsely displayed by substituting one 
losing outcome with a different losing outcome. 
6.12 Where a game simulates a physical device: 

о visual representation of the device ought to correspond to the 

features of the physical device 
о The probability of any event occurring should be as for the actual physical 
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device except where deviations are clearly displayed to the customers. 
6.13 Where the game simulates multiple physical devices that would be expected to 
be independent of one another, each simulated device should be independent of the 
other simulated device. 
6.14 Where the game simulates physical devices that have no memory of previous 
events, the behaviour of the simulations should be independent of the behaviour of 
previous simulations. 
6.15 The design and operation of games should be strictly in accordance with the 
specified game rules, and should not deviate from those rules. 
6.16 Game rules should be date stamped and made available to the customer at all 
times, and should be tested on an annual basis. 
6.17 Changes to rules and pay tables should not be retrospective in their effect. 
6.18 The game pay tables should be available to the customer during games of 
chance. 
6.19 Multiple language websites should provide game rules in the relevant languages. 
6.20 Preventative and detective controls or technology should be in place to ensure 
that the prospect of cheating through collusion (external exchange of information 
between different customers) is prevented. 
6.21 If poker rooms employ poker robots these should be clearly identifiable as such 
to customers and must not be used to provide misleading information about a site’s 
popularity. 
6.22 Under their terms and conditions, poker rooms should not permit the use of 
robots by customers with a view to providing them with an advantage over other 
customers, and should have procedures in place to monitor the rooms for robots and, 
upon detection stopping their use. 
6.23 For sportsbetting there should be procedures for identifying suspicious betting 
transactions and patterns which might identify a threat to the sport’s integrity or an 
offence of cheating. Where a threat is identified there should be a procedure for 
notifying the relevant sporting body or Regulatory Authority. 
6.24 Effective risk control mechanisms should be in place for managing events 
offered, bet sizes and prices, taking into consideration available cash and cash 


equivalents. 
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Diagram 9. below illustrates a comparison of the seventh CWA Control Objective 
‘Responsible marketing’. 


Diagram 9. 








7. Responsible marketing 


m Number of CWA Measures Addressed by Swedish 
Requirements 


m Number of CWA Measures Partially Addressed by 
Swedish Requirements 


m Number of CWA Measures Not Addressed Бу 
Swedish Requirements 


100% 
































When the results across the CWA Control Objective ‘Responsible marketing’ is totalled the 
results indicate that 100% of CWA Measures are fully addressed by the Swedish Requirements. 


The seventh CWA Control Objective contains 13 Measures that deal with responsible 
marketing, covering the following areas: 


e The EU Unfair Commercial Practices and Distance Selling Directives 
e Advertising content 

e Unauthorised marketing activity 

e Third party marketing activities 








CONFIDENTIAL 
PAGE 18 OF 24 





%Жсосға 


BENCHMARKING STUDY 
BRANSCHFORENINGEN FOR ONLINESPEL (‘BOS’) 





Diagram 10. below illustrates a comparison of the eighth CWA Control Objective 
‘Commitment to customer satisfaction and support’. 


Diagram 10. 


8. Commitment to customer satisfaction and support 


m Number of CWA Measures Addressed by Swedish 
Requirements 


E Number of CWA Measures Partially Addressed by 
Swedish Requirements 


m Number of CWA Measures Not Addressed by 
Swedish Requirements 





When the results across the CWA Control Objective ‘Commitment to customer satisfaction 
and support’ are totalled this indicates that 62% of CWA Measures are fully addressed by the 
Swedish Requirements, 13% of CWA Measures are partially addressed by the Swedish 
Requirements and 25% of CWA Measures are not addressed at all by the Swedish 
Requirements. 








The eighth CWA Control Objective contains 8 Measures that deal with the commitment to 
customer satisfaction and support, the following measures were partially addressed or not 
addressed at all: 


e 8.06 Operators should keep records of all customer correspondence relating to a 
complaint and dispute for an appropriate period of time. 

е 8.07 An independent third party should be available for mediation or resolution of 
disputes. 

е 8.08 The third party should be required to keep records of all customer 
correspondence relating to a dispute for an appropriate period of time. 
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Diagram 11. below illustrates a comparison of the ninth CWA Control Objective ‘Secure, 


safe and reliable operating environment’. 
Diagram 11. 


9. Secure, safe and reliable operating environment 


Е Number of CWA Measures Addressed by Swedish 
Requirements 


E Number of CWA Measures Partially Addressed by 
Swedish Requirements 


Е Number of CWA Measures Not Addressed by 
Swedish Requirements 





When the results across the CWA Control Objective ‘Secure, safe and reliable operating 
environment’ are totalled this indicates that 13% of CWA Measures are partially addressed by 
the Swedish Requirements and 87% of CWA Measures are not addressed at all by the Swedish 
Requirements 





The ninth CWA Control Objective contains 30 Measures that deal with a secure, safe and 
reliable operating environment. The following Measures were partially addressed or not 
addressed at all: 


e 9.01 Operators should appoint a Compliance Officer, who will assume overall 
responsibility for compliance with the controls specified within the Control Measures. 
e 9.02 The appointed Compliance Officer should: 
о Ве responsible for any other staff members appointed іп terms of these 
Control Measures, for example responsible gambling and AML officers. 
o Ensure that training and awareness programmes, specified within the 
Control Measures, are conducted on an annual basis or more frequently if 
required within the operator organisation. 
о Ensure that processes, policies and procedures required for compliance are 
established, implemented and maintained. 
о Наме the responsibility and authority to regularly report compliance with the 
Control Measures to senior management. 
е 9.03 Operators should keep financial transaction records in accordance with the 
retention requirements of their licensing jurisdiction. 
е 9.04 Operator websites should display the name of the operator and the address of 
its registered office. 
е 9.05 Operators should have a legal operating license from a European regulatory 
authority, which should be prominently displayed on the operator’s websites. 
e 9.06 Operators should keep records in a manner that will allow the timely preparation 
and audit of financial statements and accounts. 
е 9.07 Operators should commit to an annual audit of financial statements апа 
accounts performed by a reputable external audit firm. 
е 9.08 Operator websites should prominently display date stamped contractual terms 
and conditions applicable to gambling activities. 
e 9.09 General “terms and conditions should be available to print or download at any 
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time. 

9.10 Security policies and procedures should be documented and communicated to 
relevant employees, and reviewed at least annually or in the event of material 
changes. 

9.11 Security policies and procedures should be implemented and monitored. Risk- 
based internal and external security reviews should be conducted at least annually or 
in the event of material changes. 

9.12 Physical security perimeters should be in place to ensure restricted access to 
authorised personnel to areas that contain information and information processing 
facilities and to reduce the risk of environmental threats and hazards to equipment. 
9.13 Relevant third party and business partner contractual terms and conditions 
should cover all appropriate security requirements. 

9.14 Virus scanners and/or detection programs should be installed on all pertinent 
information systems. These programs should be updated regularly to scan for new 
strains of viruses. 

9.15 Controls should be in place for changes to information processing facilities and 
systems in order to reduce the risk of security or system failures. 

9.16 All customers should be verified through the use of an account 
identifier/password pair, or by any other means that provide equal or greater security 
(e.g. digital certificates), prior to being permitted to participate in gambling activities. 
9.17 All system users should have their identity verified with an account 
identifier/password pair, or by any other means that provide equal or greater 
security, prior to being permitted to access the system. 

9.18 All customer deposit, withdrawal or adjustment transactions should be subject 
to strict security control and should be maintained in a system audit log. 

9.19 Information involved in online transactions should be protected to prevent 
incomplete transmission, miss-routing, unauthorised message alteration, 
unauthorised disclosure, unauthorised message duplication or replay. 

9.20 A policy on the use of cryptographic controls for protection of information 
should be developed and implemented. 

9.21 Backup and recovery procedures should be in place to ensure appropriate data 
and information (e.g. logs and financial information) are backed up on a regular basis 
and can be restored in the event of a disaster. 

9.22 Backup and disaster recovery responsibilities and procedures between software 
providers and operators should be clearly defined. 
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е 9.23 The system should enable customers to complete interrupted games, within а 
reasonable timeframe, whether from loss of communication with the end-player 
device or an event on the system. 

е 9.24 All information required for completing an incomplete game should be 
recoverable by the system. 

е 9.25 All transactions involving customer funds should be recoverable by the system in 
the event of a failure or malfunction. 

е 9.26 If a operator has reason to believe or to suspect that an interruption has been 
caused, or a transaction affected by illegal activity, the operator may withhold 
payment pending further investigation. 

е 9.27 A development methodology for software and applications should be defined, 
documented and implemented. 

е 9.28 All documentation relating to software and application development should be 
available and retained for the duration of its lifecycle. 

е 9.29 Change control procedures should be implemented in line with the change 
management policy and should cater for the following: 

о Approval procedures for changes to software. 

о A policy addressing emergency change procedures. 

o Procedures for testing and migration of changes. 

о Segregation of duties between the developers, quality assurance team, the 
migration team and users. 

о Procedures to ensure that technical and user documentation is updated as a 
result of a change. 

о Procedures to ensure that security control requirements are specified for 
new information systems, or enhancements to existing information systems. 

e 9.30 The test environment ought to be isolated physically and logically from the live 
operational systems. 


5. SWEDISH RESPONSIBLE GAMBLING POLICIES AND PROCEDURES THAT ARE NOT CONTAINED IN THE CWA MEASURES. 
An inherent limitation of a benchmarking exercise of this nature against existing standards is the potential for limiting the scope of the review. Benchmarking is normally seen as a means 
to learn from other’s situations, and with this іп mind there are a few relatively small areas where the CWA can be further strengthened based on Swedish Requirements. 
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5. 


SWEDISH RESPONSIBLE GAMBLING POLICIES AND PROCEDURES THAT ARE NOT CONTAINED IN THE CWA MEASURES. 


During the performance of our review work, we identified the following areas where the CWA Measures did not contain an equivalent to a Swedish requirement: 


SPER's standards, principles and guidelines for responsible gambling 





2.1 when developing new products or services conduct an analysis to evaluate the risk factors look at facts and research; 

2.2 implement measures, based on an analysis, to minimize possible risks connected to risk or the service. The measures should be documented and be evaluated continuously. 
8.1 having a process to connect facts to the purpose and to evaluate actions taken to spread gambling responsibility; 

8.2 continuously evaluate actions taken regarding gambling responsibility; 

8.3 encourage research on gambling responsibility; 

8.4 invite different actors with the purpose to inform about working with gambling responsibility; 

9.1 implement routines for a regular dialog with key stakeholders; 

9.2 define key numbers based on goals, on different levels of the corporation; 

9.3 report about what has been done during the year in relevant channels; 

9.4 aim to verify their action program through a third actor. 

10.1 taking part of experiences and knowledge to create a more effective gambling responsibility; 

10.2 invite different stakeholders to have dialog with the purpose to achieve insight in the situation of the gambling addicted ones; 
10.3 offer lectures on gambling problems together with the gambling addict's organisations; 

10.4 contribute to a common platform for coordinating questions on gambling problems and gambling responsibility; 

10.5 work for more knowledge on gambling problems and gambling responsibility. 


The Swedish Gambling Authorities' injunctions on gambling consequences analysis 


The gambling consequences analysis should also include a summarizing judgement of the risk for being affected by social damages like exaggerated gambling and gambling 
addiction. 


SPER's guidelines on bonuses - September 2013 





Performance bonus (e.g. ”put in xx and get yy”) may not exceed the performance stake or the value of 200 kroners at each time of apportion. 
Free bonuses (e.g. bonuses for registering or gambling profits) may not exceed the value of 200 kroners at each time of apportion. 
Compensation for losses (e.g. guaranties of winning) may not exceed 50 % of the stake or the value of 200 kroners at each time of apportion. 
Discounts (e.g. “buy x, pay y”) may not exceed the value of 200 kroners at each time of apportion. 

No bonuses may be progressive (e.g. “buy x, pay y, but pay for 2x and you get 3y”) 
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6. CONCLUSION 


The purpose of eCOGRA’s review work is to benchmark the CWA Measures against current Swedish Requirements, in order to demonstrate the levels of compliance and ethical conduct 
demonstrated by European operators who operate remotely in regulated markets and have adopted the CWA Measures. 


In the absence of pan-European regulation, self-regulation standards which draw on industry best practice and which reflect what is expected of gambling operators in the jurisdictions 
where they are licensed are the most effective means of consistently creating and maintaining a safe and secure environment for consumers. Some regulators like Denmark have already 
used the CWA in shaping their regulations and others including the Netherlands are discussing whether there is common ground between them and the CWA that can supplement that 
process. 


The benchmarking results illustrate that the current Swedish Requirements only address or partially address 56% of the CWA’s Measures. In our opinion the use of the CWA as a 
common code within Sweden would strengthen the current standards and achieve a higher level of consumer protection. 
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